formbook

General

Target

0d16b681e62efc4044d6295b69a2a6d7f8a06f7c048c05a7a8cf654354541900
Size

676KB
Sample

241002-ezx5vs1apa
MD5

870dec2a7697c57e20fe9285f8cd2a72
SHA1

46156ed55c6e0c38a245a82fc2a404af2f1ed43e
SHA256

0d16b681e62efc4044d6295b69a2a6d7f8a06f7c048c05a7a8cf654354541900
SHA512

d374a01371d04e8995ea9a49b75802f03b13e3b9494e357e62d2a8f3343cc3df3721055fd5ad0bda79042d4651a7dc06027d16cbf7dffda3bdcf771f04f0a0d7
SSDEEP

12288:eLaWTG4m0IUVU6++t8g1C0m0hGuQd7AIiofTf7zEh3YQ6l2SAL9DrliLJ/MGxTQ:shT2Uu6+M8ACr8GuKbbb7zEhIQ6BUlIn

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hy08

Decoy

weazc.top

servoceimmpajhnuz.info

vqemkdhi.xyz

wergol.com

spa-mk.com

rtpsid88.life

tatetits.fun

raidsa.xyz

suojiansuode.net

jointhejunction.com

wudai.net

typeboot.shop

mksport-app.com

miocloud.ovh

taipan77pandan.com

wwwhg58a.com

khuahamiksai31.pro

carpedatumllc.net

safebinders.com

krx21.com

Targets

- Target
  
  0d16b681e62efc4044d6295b69a2a6d7f8a06f7c048c05a7a8cf654354541900
- Size
  
  676KB
- MD5
  
  870dec2a7697c57e20fe9285f8cd2a72
- SHA1
  
  46156ed55c6e0c38a245a82fc2a404af2f1ed43e
- SHA256
  
  0d16b681e62efc4044d6295b69a2a6d7f8a06f7c048c05a7a8cf654354541900
- SHA512
  
  d374a01371d04e8995ea9a49b75802f03b13e3b9494e357e62d2a8f3343cc3df3721055fd5ad0bda79042d4651a7dc06027d16cbf7dffda3bdcf771f04f0a0d7
- SSDEEP
  
  12288:eLaWTG4m0IUVU6++t8g1C0m0hGuQd7AIiofTf7zEh3YQ6l2SAL9DrliLJ/MGxTQ:shT2Uu6+M8ACr8GuKbbb7zEhIQ6BUlIn
Score

10^/10

formbook hy08 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2